Privacy Policy

1.Scope & nature of this site

This Privacy Policy describes how Healing Trauma Services, LLC ("we," "us," "our," or the "Practice") handles information collected through the marketing website at traumatherapylv.com (the "Site").

The Site exists to introduce prospective clients to Liz Carrasco, LCSW and the Practice, to share educational information, and to allow visitors to request a free initial consultation. Browsing this Site or sending a message through it does not create a therapist–client, treatment, professional, or fiduciary relationship of any kind.

Clinical services are provided only to clients who have completed a separate intake process and who are physically located in the State of Nevada or the State of Utah at the time of service. Visiting the Site from any other state, territory, or country does not entitle the visitor to clinical services and does not constitute an offer or acceptance of services in any other jurisdiction.

2.What information we collect

2.1 Information you provide directly

When you submit the contact form on the Site, we collect what you choose to share, which typically includes:

• Your name (as you enter it);
• Your email address;
• Your phone number (optional);
• The topic you select from the form's dropdown (e.g., consultation request, general inquiry); and
• The free-text contents of your message.

2.2 Information collected automatically

Like nearly every website on the public internet, our hosting provider and content delivery network record standard server-log data when your browser requests a page. This typically includes:

• Your IP address (which can be coarsely associated with a city or region);
• Your browser type, version, and device/operating-system identifiers (the "User-Agent" header);
• The page you requested and the page that referred you (if any); and
• The date and time of the request.

These logs are generated by infrastructure providers for security, abuse prevention, and reliability purposes and are subject to those providers' policies.

2.3 What we do not collect on this Site

• Payment information. We do not process payments on this Site. Billing for clinical services is handled by external partners (such as Rula and SonderMind) under their own privacy practices, or directly through the Practice's secure clinical billing system after intake.
• Health records, diagnoses, treatment plans, or insurance details. The Site is not configured to receive or store protected health information.
• Government identifiers (Social Security numbers, driver's license numbers, etc.).
• Biometric or precise geolocation data.

3.HIPAA boundary

Please do not include in any form submission:

• Specific symptoms, diagnoses, or medication lists;
• Descriptions of trauma history, abuse history, or sensitive clinical events;
• Insurance member IDs, group numbers, or claim details;
• Information about minors or third parties; or
• Any other information you would consider confidential health information.

To request a consultation, it is sufficient to provide your name, a way to reach you, and a brief, general statement such as "I'd like to schedule a consultation" or "I have a scheduling question." Detailed clinical conversation occurs only after intake, through secure channels established in your therapist–client agreement (for example, the Rula client portal, SimplePractice if applicable, or another secure method designated in writing).

If you choose to disclose protected health information through the Site despite this notice, you do so voluntarily and at your own risk, and you acknowledge that the Practice cannot guarantee HIPAA-level confidentiality for information transmitted in this manner.

4.How we use the information

We use the limited information described above only to:

• Respond to your inquiry;
• Schedule a free 15-minute initial consultation, if requested;
• Provide you with information about the Practice's services, hours, fees, and intake procedures;
• Maintain the security, integrity, and availability of the Site (including detecting abuse, spam, or unauthorized access); and
• Comply with applicable legal, regulatory, and professional-licensure obligations.

We do not use your information for behavioral advertising, profiling, automated decision-making with legal effects, or sale to third parties. We do not engage in cross-context behavioral advertising. We do not "sell" or "share" personal information as those terms are defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA").

5.Who we share information with

We share information only with the limited categories of recipients listed below, and only to the extent necessary for the stated purpose:

• Form processor (Formspree). Contact-form submissions are transmitted through Formspree (Formspree, Inc.), which delivers them to our email inbox. Formspree's handling of your data is governed by its own privacy policy and terms.
• External booking and billing platforms (Rula, SonderMind). If you click through to Rula or to SonderMind from this Site to schedule or pay, you leave the Site and enter a separate environment governed by that platform's own privacy policy and terms. We do not control those platforms.
• Web hosting and content-delivery providers. Standard server-log data is processed by the Site's hosting provider and CDN to deliver pages and protect against abuse.
• Google Fonts CDN. The Site loads typefaces from Google's Fonts CDN (fonts.googleapis.com / fonts.gstatic.com). When your browser requests a font file, your IP address and standard request headers may be transmitted to Google. European courts have previously held this to be a transfer of personal data; if you object, you may use a browser extension that blocks third-party font loading.
• Other libraries loaded from public CDNs. The Site loads JavaScript libraries (such as Lenis from jsDelivr and GSAP from cdnjs) from public content-delivery networks. These requests likewise expose your IP address and User-Agent to those CDN operators.
• Professional advisors. We may share information with our attorneys, accountants, insurers, and licensure-board representatives where reasonably necessary and where they are bound by confidentiality.
• Law enforcement and legal compliance. We may disclose information when required by valid legal process (such as a lawfully issued subpoena or court order), to comply with mandatory-reporting obligations applicable to licensed clinical social workers (including, where applicable, NRS 432B and Utah Code § 62A-4a-403 regarding reports of abuse and neglect, and the duty-to-warn / imminent-harm exceptions recognized under Nevada and Utah law), or where we believe in good faith that disclosure is necessary to protect the rights, safety, or property of any person.

We do not sell personal information. We do not rent, trade, or otherwise commercially distribute the information you provide.

6.Cookies, analytics & tracking

As of the effective date of this policy, the Site does not set first-party cookies, does not deploy analytics tools (such as Google Analytics), and does not include third-party tracking pixels, advertising tags, or session-replay scripts. Some passive third-party requests (for fonts and scripts; see Section 5) will still result in your IP address being visible to those CDN operators.

If we add cookies, analytics, or any tracking technology in the future, we will (i) update this policy with a new effective date, (ii) describe what is collected and why, and (iii) where required by law, present a consent banner before any non-essential tracking is enabled.

7.Your rights under California law (CCPA/CPRA)

If you are a California resident, you have the following rights with respect to your personal information:

• Right to know what categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of recipients.
• Right to delete personal information we have collected from you, subject to legal exceptions (for example, where we must retain records to comply with a legal obligation).
• Right to correct inaccurate personal information.
• Right to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising, so there is nothing to opt out of, but you have the right to confirm this.
• Right to limit use of sensitive personal information to purposes specified by the CCPA. We do not use sensitive personal information for any purpose beyond what is reasonably necessary to provide the services you request.
• Right to non-discrimination for exercising any of the above rights.

To exercise any of these rights, email htslasvegas@gmail.com with the subject line "California Privacy Request." We will verify your identity using information already on file (typically the email address from which you originally contacted us) before responding. You may also designate an authorized agent in writing to make a request on your behalf.

8.Your rights under EU/EEA and UK law (GDPR / UK GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland and the General Data Protection Regulation (or its UK equivalent) applies to our processing of your personal data, the data controller is:

Healing Trauma Services, LLC
Las Vegas, NV 89113, United States
Email: htslasvegas@gmail.com

You have the right to:

• Access the personal data we hold about you;
• Rectify inaccurate or incomplete data;
• Erase data ("right to be forgotten"), subject to legal exceptions;
• Restrict processing while a dispute is resolved;
• Receive your data in a portable format;
• Object to processing based on our legitimate interests;
• Withdraw consent at any time where processing is based on consent (this does not affect the lawfulness of processing carried out before withdrawal); and
• Lodge a complaint with your local supervisory authority.

Our lawful bases for processing are: (a) your consent (when you voluntarily submit the contact form); (b) the performance of a pre-contractual step at your request (responding to your inquiry about services); and (c) our legitimate interests in operating, securing, and improving the Site.

To exercise any of these rights, email htslasvegas@gmail.com. Note: we are a small U.S.-based solo practice and we do not actively target visitors in the EU/EEA or UK. If you are outside the United States and Canada, please be aware that any information you submit will be processed in the United States.

9.Data retention

• Contact-form submissions (and any email correspondence that does not become part of a clinical record): retained for up to twelve (12) months from the date of last contact, then deleted from active inboxes and form-processor archives, except where retention for a longer period is required by law, by our professional-licensure obligations, or to defend or prosecute a legal claim.
• Server logs: retained on a rolling 90-day basis by our hosting provider for security and operational purposes, then automatically purged.
• Records that become part of a clinical chart after you become a client: retained according to applicable Nevada and/or Utah professional record-keeping requirements and are governed by the Practice's separate Notice of Privacy Practices, not by this Site policy.

10.Children under 13 (COPPA)

This Site is intended for adults seeking trauma-informed therapy services. It is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or legal guardian and believe your child under 13 has submitted information through the Site, please contact htslasvegas@gmail.com and we will delete the information promptly upon verification.

11.Data security

We take reasonable, industry-standard measures to protect information transmitted through the Site. The Site is served over HTTPS (TLS) so that data sent between your browser and the Site is encrypted in transit. The third-party form processor we use likewise transmits submissions over TLS to our email inbox.

However, no method of transmission over the internet, and no method of electronic storage, is 100% secure. We cannot and do not guarantee absolute security. By using the contact form, you accept this inherent risk and acknowledge that the form is not an appropriate channel for clinical or other highly sensitive information (see Section 3).

12.Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, in the technology used by the Site, in legal requirements, or for other operational reasons. When we make a material change, we will update the "Last updated" date at the top of this page and, where appropriate, post a more prominent notice on the Site. Continued use of the Site after a change becomes effective constitutes your acknowledgment of the updated policy.

13.Contact for privacy inquiries

For questions about this policy, to exercise any of the rights described above, or to report a concern about how your information has been handled, please contact us:

• Email: htslasvegas@gmail.com
• Mail: Healing Trauma Services, LLC · Las Vegas, NV 89113
• Phone: (725) 525-4417

Please do not include clinical information in privacy correspondence; describe your request at a high level and we will respond through the appropriate channel.

14.Governing law

This Privacy Policy is governed by and construed in accordance with the laws of the State of Nevada, without regard to its conflict-of-laws principles, except where superseded by mandatory provisions of applicable consumer-privacy law in the jurisdiction where you reside.

This document is intended to be transparent and protective. It is not legal advice. If you have specific legal questions, consult a licensed attorney in your jurisdiction.